/etc/syslog.conf - this is how it was done in the old days. Now in the default file, you'll notice the line:
service syslogd restart
service ftpd restart
I've been trying to get failed login attempts to ftp into the
logs. This is only temporary, I don't really want to know how
many tens of thousands of blind attacks are being made onto my
server, talk about logspam! But - I do have some remote
automated sites that are failing, and I want to figure out why -
determining if they're getting in at all is the first step.
Unfortunately, I can't seem to get this in the logs. It's not
console.log. If you figure this one out, please
feel free to contact me!
grep ftp /etc/passwd -- the pkg install should have created a new user named 'ftp'. This user is used for anonymous login - if not there, you'll need to create it - google for it.
ftp as a line all by itself. Each line with a username in this file is DISALLOWED from ftp access.
inetd. I recommend changing it to be a standalone daemon.
ftpd_flags="-ll -p /var/run/ftpd.pid"
service ftpd restart when you make changes to config.
pkg install pure-ftpd
/etc/group. Add new line '
/etc/master.passwd, dup the line for user 22 immediately before it, and replace the 22's with 14, and change username to 'ftp'. Change fullname from 'Secure Shell' to 'pureftp'
vipw, dirty the file, I'd suggest change fullname 'pureftp' to 'Pureftp'.
cp pure-ftpd.conf.sample pure-ftpd.conf
changes I made were:
CertFileAndKey "/root/cert/..." "/root/cert/..."
Alrighty, we're done, let's try it...
service ftpd stop
service pure-ftpd start
Got an error here:
Shared object "libdl.so.1" not found
From some google searching it appears that I may need to do a pkg upgrade.
pkg upgrade -f
It asked if I wanted to change 'php56' to php71. I have php72, so I said no. It then asked if I wanted to change php56 to php72 - yes!
pkg upgrade -f again immediately it finished, buncha more stuff to do.
FYI: observed emacs is broken with the same libdl.so.1 missing error - this is very very bad. Sure hope the upgrade fixes it.
In the end, I ftp'ed a copy of libdl.so.1, and libdl.a from a twin server, then recreated the libdl.so.1 symbolic link.
/var/log/messages, it says it can't find
/etc/ssl/certs/ftpd.pem. I added a link to my existing .csr that I'm using for sendmail and apache, but now it gives an error about "can't find start line" or something. Oh yeah, .pem format is not the same as .csr. Maybe I'll get back to this later.
As I recall, ftpd came already installed and configured reasonably on
my FreeBSD 11.1 install. I run the ftp daemon standalone, not under
inetd, I think that's the way it came. You may need to do a
inetd and/or edit
/etc/inetd.conf if you want to
One special thing that I do have to do though, is that I have customer
accounts that should only be allowed to ftp into their own website
area. I do this as follows:
Once only: edit
Add a new line to create a new group named
I arbitrarily chose to use group number 30 - just pick any number that's not already taken. Offhand I'd suggest using a several digit number as there are some standard packages with numbers they want to use, e.g. web servers like to use 80. I've gotten away with 30 for years, so I'm sticking with it, even though I may be skating on thin ice.
/etc/ftpchroot, and add:
If this file is not already present to edit, simply create it with this single line in it. Note that you can do a
ftpchroot for more info on this config file, there's lots more
you can do here.
If you haven't already created it:
Note that this may also be made on a separate (big) disk/volume, and may simply be a symbolic link in the root dir, eg:
mkdir /[big disk name]
ln -s /[big disk name]
Whenever you add a customer account, do your normal old
adduser, and use group
do the following:
mv /home/[their username] /web/[their domain name]
ln -s /web/[their domain name] /home/[their username]
Lastly, note that if you want to change an account to be limited this way, you can simply use
vipw to edit this user and change
their group to this one.
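
To confirm which accounts the group-based restriction above actually confines, the following added example (not part of the original notes) resolves an ftpchroot file against passwd and group data. It assumes the first-field syntax from ftpchroot(5) (a username, or @groupname matching primary or listed membership); the group name `ftpjail` and all sample accounts are constructed placeholders, with 30 being the gid mentioned above.

```shell
#!/bin/sh
# Added example: list the accounts an ftpchroot file would confine.
# Assumed syntax (ftpchroot(5)): first field is "user" or "@group"; # starts a comment.

# chrooted_users PASSWD GROUP FTPCHROOT -> confined logins, one per line, sorted
chrooted_users() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
        src == "p" { gid_of[$1] = $4; next }            # login -> primary gid
        src == "g" { gid[$1] = $3; mem[$1] = $4; next } # group -> gid, member list
        $1 == "@" { for (u in gid_of) hit[u] = 1; next }  # bare @ matches every user
        substr($1, 1, 1) == "@" {
            g = substr($1, 2)
            if (!(g in gid)) next                       # unknown group: no match
            for (u in gid_of) if (gid_of[u] == gid[g]) hit[u] = 1   # primary group
            n = split(mem[g], m, ",")
            for (i = 1; i <= n; i++) if (m[i] in gid_of) hit[m[i]] = 1  # listed member
            next
        }
        $1 in gid_of { hit[$1] = 1 }                    # plain username entry
        END { for (u in hit) print u }
    ' src=p FS=: "$1" src=g "$2" src=c FS=' ' "$3" | sort
}

# Constructed sample data: alice has the group as primary gid, carol is a listed
# member, bob is in neither and would NOT be confined to his own directory.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
# constructed sample accounts
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:30:Customer A:/home/alice:/bin/sh
bob:*:1002:1002:Staff:/home/bob:/bin/sh
carol:*:1003:1003:Customer C:/home/carol:/bin/sh
EOF
    cat > "$d/group" <<'EOF'
wheel:*:0:root
ftpjail:*:30:carol
EOF
    printf '# customers\n@ftpjail\n' > "$d/ftpchroot"
    chrooted_users "$d/passwd" "$d/group" "$d/ftpchroot"
    rm -rf "$d"
}
demo
```

On a live system, pass /etc/passwd, /etc/group and /etc/ftpchroot; any customer login missing from the output can browse outside its own website area over ftp.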